Method and system for evaluating fingerprint templates

ABSTRACT

A method for evaluating an individual fingerprint template by using a remote dataset, comprising the steps of capturing a fingerprint representation by a fingerprint reader on a device, extracting significant data from the captured fingerprint representation, thereby creating an individual fingerprint template for the captured fingerprint representation, transmitting the individual fingerprint template from the device to a remote dataset comprising a plurality of fingerprint templates, determining an impostor score distribution for the individual fingerprint template, determining a security threshold for the individual fingerprint template, and transmitting the determined security threshold to the device. The advantage of the invention is that an individual security threshold can be set for a user, which will improve the FAR distribution of a device.

FIELD

The present invention relates to a method and system for evaluatingindividual fingerprint templates by using a remote dataset, preferably acloud based dataset. By using a large number of stored templates toevaluate an actual fingerprint template, the security threshold for theactual fingerprint template can be matched and set to a predefinedsecurity level. In this way, a fingerprint template can be assigned anindividually set security threshold in order to obtain an acceptablesecurity.

BACKGROUND ART

One way of simplifying the use of various types of appliances which areprotected by, for example, passwords, access codes and the like, is toreplace the codes with devices which recognize the user on the basis ofdifferent physical characteristics, so called biometrics. One type ofbiometrical characteristic is fingerprint information, which can be usedto either confirm or reject a user's attempt to gain access to anappliance, a premises, etc., referred to as user identity verification.Verification with the aid of fingerprint information is in most casesdone by the user having stored his fingerprint information in theequipment in question in advance, the stored information is commonlyreferred to as a template. The process of extracting the templateinformation and connecting it to a user identity is known as enrolment.The information for creating this template can either be input into theappliance which the user will later want to have access to, or via acentral appliance. For systems utilizing fingerprint sensors that aresignificantly smaller than a typical fingerprint, the enrolment willconsist of a procedure with multiple touches and the template willcontain information either assembled from several smallerpart-fingerprint images or will contain a plurality of separatepart-fingerprint images linked together.

When the user attempts to gain access to the equipment in question, abiometric device inputs information from the user's finger and comparesthe input information to the template in order to decide if the user isto be granted access to the equipment or not. This comparison isreferred to as fingerprint verification. To perform the verification,the input data needs to be processed into a format that can bemathematically compared with the data stored in the previously enrolledtemplate. The method that evaluates the similarity between the inputdata and the template data is referred to as a matching algorithm.Typically a matching algorithm will output a match score, which e.g. maybe a number between 1 and 0. A high match score will indicate a closematch between input data and template data and a low match score willindicate that the input data and the template data is significantlydissimilar. In order to determine if a user is to be verified as alegitimate user, i.e. to decide if the input data and the template datais coming from the same finger or not, a security threshold is set. Thesecurity threshold is compared to the match score, and if the matchscore is above or equal to the security threshold, the user data isaccepted and the user is verified. If the match score is below thesecurity threshold, the user data is rejected and the user is refusedaccess.

Equipment which verifies with the aid of fingerprint information mustsatisfy a number of requirements, for example reliability and speed.Verification in portable devices, for example mobile telephones,portable computers, different types of cards, etc., further requiresthat the equipment must be as small, lightweight and energy-efficient aspossible. Another requirement is that the equipment should preferably beinexpensive. The biometric performance of a device or system istypically described with two error rates: the False Acceptance Rate(FAR) that is a measure of the systems security and the False RejectionRate (FRR) that is a measure of the ease of use of the system. Differentapplications could have different preferred trade-offs between these twoerror rates. For some cases, convenience is more important than securityand vice versa.

Known types of devices for verifying a user's identity with the aid offingerprint information captures information from a user's fingerprintand compares this information with a template by means of the inputinformation being combined into a representation of the fingerprint,which is then compared with the template which has been stored inadvance. The capturing of fingerprint information and the matching ofthe fingerprint information and the template can be done in severaldifferent ways. The used method will partly depend on the size and typeof the used fingerprint reader.

The security of the matching algorithm is normally determined bycomputing a match score distribution based on a large dataset of storedtemplates. By performing a very large number of match attempts usingtemplates belonging to different fingers, an impostor score distributioncan be formed. By performing a very large number of match attempts,where each match attempt uses the significant data obtained from thefingerprint information of a user and the template belonging to thatuser, an genuine score distribution can be formed. A security thresholdfor the specific matching algorithm is then set such that the securitythreshold will give a predefined average FAR for the complete storeddataset that gives an acceptable security. A FAR in the order of lessthan 0.002% or 1/50 000 may give an acceptable security level foreveryday use. The corresponding FRR can be measured by performing alarge number of match attempts between templates belonging to the samefinger forming a distribution of genuine scores. The stored dataset isconsidered to represent a general public, and should comprise a largenumber of different templates from different persons. Normally, thestored dataset comprises several thousands of stored templates. Thissecurity threshold is determined for a specific algorithm and sensorcombination at the time when the device is designed and manufactured,and is programmed into the device system. This security threshold isthen used as a standard security threshold for all users of that devicetype.

One problem of using a predefined average security threshold based on afixed stored dataset of templates when verifying significant datarepresenting the fingerprint image of a user is that some templates arestronger than other templates, since individual templates differ and maye.g. resemble a normal distribution. This means that when the averagesecurity threshold is applied to a strong template, the FAR for thistemplate will be lower than required which results in an unnecessaryhigh FRR for the user of this template. In such a case, the significantdata extracted from the fingerprint image of the user may falsely berejected when compared to the stored template during verification. Theuser may have to try to verify himself several times before thesignificant data is accepted, which will be annoying for this user.

A strong template may be defined in the following manner: When a“normal” template is matched to a large set of impostor templates, theprobability of generating a match score that is larger than the averagesecurity threshold is at the required level, for instance 1/50000. Whena strong template is matched to the same large set of impostortemplates, the probability of generating a match score that is largerthan the average security threshold is significantly smaller thanrequired. When a weak template is matched to the same large set ofimpostor templates, the probability of generating a match score that islarger than the average security threshold is significantly larger thanrequired.

When a verification with a strong template is performed using an averagesecurity threshold, an unnecessarily high matching threshold will beapplied. The usability of the system depends on the value of thematching threshold. The usability of the system will decrease when thematching threshold is increased, such that the user will be rejectedmore often than needed.

At the same time, a weak template using the same average securitythreshold may result in the FAR being too high such that the securitywill be lower than acceptable. In such a case, the significant dataextracted from the fingerprint image of another user may falsely beaccepted when compared to the stored template. This means that a deviceon the market using an average security threshold and having an averagetemplate will meet the security requirements, but a device having a weaktemplate will not.

When the template is determined at the enrolment of the user at thedevice, the template may be given a specific score that will representone or more numerical values for the created template. The system mayuse an algorithm that prompts the user to make a new enrolment if thescore differs too much from a predefined numeric range or value. In thisway, it may be possible to avoid templates that are too strong or tooweak. However, such a system may also annoy a user and further, somefingerprints will inherently give stronger templates and somefingerprints will inherently give weaker templates.

There is thus a need for an improved way of determining a securitythreshold for a template representing a fingerprint image.

DISCLOSURE OF INVENTION

An object of the invention is therefore to provide an improved methodfor evaluating an individual fingerprint template. A further object ofthe invention is to provide an improved system for evaluating anindividual fingerprint template.

The solution to the problem according to the invention is described inthe characterizing part of claim 1 regarding the method and in claim 8regarding the system. The other claims contain advantageous furtherdevelopments of the inventive method and system. The claims also containa computer program and a computer program product for performing such amethod.

In a method for evaluating an individual fingerprint template by using aremote dataset, the steps of capturing a fingerprint representation by afingerprint reader on a device, extracting significant data from thecaptured fingerprint representation, thereby creating an individualfingerprint template for the captured fingerprint representation,transmitting the individual fingerprint template from the device to aremote dataset comprising a plurality of fingerprint templates,determining an impostor score distribution for the individualfingerprint template, determining a security threshold for theindividual fingerprint template, and transmitting the determinedsecurity threshold to the device are comprised.

By this first embodiment of the evaluation method according to theinvention, a method is provided in which an individual securitythreshold level for an individual fingerprint template can bedetermined. In this way, the security threshold level can be determinedand set individually for a fingerprint template, such that the securitycan be adapted to the strength of an individual fingerprint template. Bydetermining a specific security level for an individual fingerprinttemplate, an optimized security and usability can be obtained for eachuser of a device or system, even if the strength of the template differsconsiderably from the expected value of a normal distribution.

Known types of devices for verifying a user's identity with the aid offingerprint information captures information from a user's fingerprintand extracts significant data from the user's fingerprint and comparesthis information with a template which has been stored in advance, in anenrolment stage. The capturing of fingerprint information and thematching of the fingerprint information and the template can be done inseveral different ways. The used method will partly depend on the sizeand type of the used fingerprint reader.

The security of the matching algorithm is normally set by evaluating alarge dataset of stored templates. An average security threshold for thespecific matching algorithm is set such that the security threshold willgive a predefined average FAR for all different templates stored in thestored dataset. The stored dataset is considered to represent a generalpublic, and should comprise a large number of different templates fromdifferent persons. Preferably, the stored dataset comprises severalthousands of stored templates. This average security threshold isdetermined for a specific algorithm and sensor combination when thedevice is designed and manufactured, and this average security thresholdis programmed into the device system.

One problem of using a predefined average FAR to set the securitythreshold for all templates of a specific device is that some templatesare stronger than other templates, since individual templates differ andmay e.g. resemble a normal distribution. The templates of the device arecreated by the combination of a specific fingerprint reader and anextraction algorithm used in that device. This means that when theaverage security threshold is applied to a strong template, the FAR forthis template will be lower than required which results in anunnecessary high FRR for the user of this template, which may beannoying for this user. At the same time, a weak template using the sameaverage security threshold may result in the FAR being too high suchthat the security will be lower than acceptable. This may not be noticedby the user but is never the less unacceptable.

When the fingerprint template is determined at the enrolment of thefingerprint, the template may be given a specific score that willrepresent one or more numerical values for the created template. Thesystem may use an algorithm that prompts the user to make a newenrolment if the score differs too much from a predefined numeric rangeor value. In this way, it may be possible to avoid templates that aretoo strong or too weak. However, such a system may also annoy a user andfurther, some fingerprints will inherently give stronger templates andsome fingerprints will inherently give weaker templates.

In an advantageous development of the method according to the invention,the remote dataset is a cloud based dataset. The cloud based dataset maycomprise one or several remote servers at one or more locations. Theremote dataset comprises a receiver, a transmitter and a computer forevaluating the individual fingerprint template and for determining asecurity threshold for the individual fingerprint template.

In an advantageous further development of the method, the methodcombines a plurality of different template datasets in the remotelocation for evaluation of the individual fingerprint template. In thisway, templates of different systems which are created by a differentfingerprint reader and a different extraction algorithm can be used toevaluate the individual fingerprint template. Preferably, a combinationfactor or combination array is applied to the different templates datasets in order to be able to combine them.

An inventive system for evaluating individual fingerprint templates byusing a remote dataset comprises a fingerprint reader mounted in adevice adapted for capturing a fingerprint representation, an extractionunit adapted for extracting significant data from the capturedfingerprint representation and to create an individual fingerprinttemplate for the captured fingerprint representation, transmitting meansadapted for transmitting the individual fingerprint template from thedevice to a remote dataset comprising a plurality of fingerprinttemplates, determination means adapted for determining an impostor scoredistribution for the individual fingerprint template, determinationmeans adapted for determining a security threshold for the individualfingerprint template, and transmitting means for forwarding thedetermined security threshold to the device.

By the inventive system, it is possible to determine an individualsecurity threshold for an individual fingerprint template by using aremote dataset. In this way, it is possible to provide the same FalseAcceptance Rate for all different fingerprint templates used in aspecific type of device. By doing this, the strength of a fingerprinttemplate can be compensated for. A strong fingerprint template can beassigned a lower security threshold and a weaker fingerprint templatecan be assigned a higher security threshold. All users will in this wayexperience a similar False Acceptance Rate.

In a development of the system, the remote dataset is a cloud baseddataset. The remote dataset may be combined from a plurality ofdifferent fingerprint template datasets, such that fingerprint templatesfrom different types of fingerprint readers can be used, or thatfingerprint templates extracted with different extraction algorithms canbe used.

BRIEF DESCRIPTION OF DRAWINGS

The invention will be described in greater detail in the following, withreference to the attached drawings, in which

FIG. 1 shows a schematic view of a system according to the invention,

FIG. 2 shows a graph representing normalized impostor scoredistributions,

FIG. 3 shows a graph representing different FAR distributions,

FIG. 4 shows a graph representing the relationship between impostorscore distribution and template score distribution, and

FIG. 5 shows a schematic flow chart of an inventive method according tothe invention.

MODES FOR CARRYING OUT THE INVENTION

The embodiments of the invention with further developments described inthe following are to be regarded only as examples and are in no way tolimit the scope of the protection provided by the patent claims.

FIG. 1 shows a schematic system for evaluating individual fingerprinttemplates by using a remote dataset. The system 1 comprises afingerprint reader 2 mounted in a device 3. The fingerprint reader maybe a capacitive touch fingerprint reader mounted in a handheld device,such as a telephone or a tablet, but may also be e.g. an opticalfingerprint reader mounted in an automated teller machine (ATM) or adoor lock. Other types of fingerprint readers are also plausible. In theshown example, a capacitive touch fingerprint reader mounted in a mobilephone is used as an example. At enrolment of a user of the device, afirst fingerprint representation is captured by the fingerprint reader.The fingerprint representation is used to create a template representingthe fingerprint representation by extracting significant data from thefingerprint representation. For systems utilizing fingerprint sensorsthat are significantly smaller than a typical fingerprint, the enrolmentwill consist of a procedure with multiple touches and the template willcontain information either assembled from several smallerpart-fingerprint images or will contain a plurality of separatepart-fingerprint images linked together.

The fingerprint representation may be captured in different ways. If asufficiently large area sensor is used, a single fingerprint image willprovide the fingerprint representation. If a small area sensor or touchsensor is used, which is significantly smaller than a typicalfingerprint, the enrolment will consist of a procedure with multipletouches and the fingerprint representation will contain informationeither assembled from several smaller part-fingerprint images or willcontain a plurality of separate part-fingerprint images linked together.Significant data is extracted from the fingerprint representation inorder to provide a fingerprint template. If a line sensor is used, thefingerprint representation is assembled when the finger is drawn overthe line sensor. An extraction unit 4 comprising an extraction algorithmis used to extract significant data from the fingerprint representationin order to create a fingerprint template of the fingerprintrepresentation.

The created fingerprint template will have a specific strength, which isdependent on the ridge pattern of the finger of a user. Depending on thetype of ridge pattern and the types of sub-groups of each ridge pattern,i.e. the different minutiae features of the finger, a stronger or weakerfingerprint template will be obtained. A more complex fingerprint havingmany different minutiae features may give a stronger template, while a“simpler” fingerprint having fewer distinct minutiae features may give aweaker template. The strength of the template will also depend on theextraction algorithm, e.g. on which type of significant data that isextracted from the fingerprint image.

The extracted template is transmitted to a remote dataset 6 at a remotelocation 7 by a transceiver 5 of the device, and is received by atransceiver 8. The remote location may be a remote data servercontaining a large amount of different fingerprint templates, or maycomprise several different data servers at different locations, whichmay be referred to as a cloud based dataset. A dataset may e.g. containall fingerprint templates created by the devices of a specificmanufacturer, or all fingerprint templates of a specific serviceprovider. The dataset will thus grow over time, giving a larger numberof fingerprint templates to compare with. Other types of datasets maycomprise fingerprint templates created at different temperatures or atdifferent locations, e.g. having different humidity. By using suchdatabases, the evaluation can compensate for environmental influences.The remote dataset further comprises a computer 9 for evaluating theindividual fingerprint template and for determining a security thresholdfor the individual fingerprint template. The extracted fingerprinttemplate is stored in the dataset. The extracted fingerprint template isfurther compared with the stored templates in the dataset. By having alarge amount of different fingerprint templates to compare with, therelative strength of the actual extracted fingerprint template can beevaluated in a more reliable way, since the remote database will containa more representative distribution of fingerprint templates than apredefined dataset stored e.g. at the manufacturer of the device.

It is also possible to combine several different remote datasets whenevaluating the extracted fingerprint template. It is e.g. possible touse datasets from different manufacturers or datasets associated withdifferent devices. Datasets with fingerprint templates extracted fromdifferent types of fingerprint readers or with different extractionalgorithms may also be combined. Preferably, a combination factor orcombination array is applied to the different templates datasets inorder to be able to combine them.

An average imposter score distribution is also created from the storednumber of fingerprint templates. The average impostor score distributionis formed from evaluating a large number of impostor matches based on alarge number of enrollments and verifications by using several differentfingerprint representations with the different stored fingerprinttemplates. FIG. 2 shows a graph with normalized distributions, where 21denotes an average imposter score distribution. By calculating a newimpostor distribution using just the actual single fingerprint templateusing the stored fingerprint templates, an individual impostor scoredistribution is obtained. This new impostor score distribution may givea significantly different result. FIG. 2 shows a strong impostor scoresub-distribution denoted 20, and a weak impostor score sub-distributiondenoted 22. FIG. 2 also shows a suitable security threshold 23 for thestrong impostor score sub-distribution, a suitable security threshold 24for the average impostor score distribution, and a suitable securitythreshold 25 for the weak impostor score sub-distribution. It can thusbe seen that if a regular security threshold is assigned to a user usinga large dataset of stored templates, which is represented by threshold24, and the template of that user is strong, the FAR is lower thanrequired. At the same time, should the template of that user be weak,the FAR is higher than required.

When the strength of the extracted fingerprint template has beenevaluated, a security threshold is determined for the fingerprinttemplate. This security threshold is an individual security thresholdassigned to the specific fingerprint template, and is preferably setsuch that a predefined FAR is will be reached for the extractedfingerprint template. If the fingerprint template is found to be strong,a lower security threshold such as 23 can be assigned for the extractedfingerprint template. If the fingerprint template is found to be weak, ahigher security threshold such as 25 can be assigned for the extractedfingerprint template. If the fingerprint template is found to beaverage, an average security threshold such as 24 is assigned for theextracted fingerprint template, or an average predefined securitythreshold which is preinstalled in the device may be used.

FIG. 4 shows a graph representing the relationship between an averageimpostor score distribution 30 and an average genuine score distribution31. The two graphs overlap some, the amount of overlap depends on thestrength of the used template. A security threshold 32 is assigned tothe template. The FAR is represented by the area 34, which is the areabelow the impostor score distribution 30 to the right of the securitythreshold level 32. The FRR is represented by the area 33, which is thearea below the genuine score distribution 31 to the left of the securitythreshold level 32.

By using an individual security threshold, an FAR distribution can beoptimized. FIG. 3 shows a graph comprising an FAR distribution based ona large dataset of stored templates, denoted 26. The required FAR isdenoted 28. By using an individual security threshold, a narrower FARdistribution denoted 27 may be obtained.

Since the different fingerprint templates will have a normaldistribution, it is only the extreme fingerprint templates that need tobe assigned an individual security threshold, e.g. the lower 20% and thehigher 20% of the population. For the middle part of the fingerprinttemplates, e.g. between 20-80% of the population, an average securitythreshold may be acceptable. It is however possible to assign anindividual security threshold to all individual fingerprint templates.Weak templates may also be removed completely or may require a newenrolment.

When an individual security threshold is determined for the extractedfingerprint template, the security threshold is transmitted to thedevice by the transceiver 8. The security threshold is stored in thedevice and will be used when the fingerprint of a user is verified bythe device. This will occur every time the user activates the device andlogs on to the device.

It is also possible to update an individual security threshold at alater stage, e.g. after six months, in order to improve the userexperience. The reason for this may be that the remote dataset of storedtemplates has been updated with more templates such that an improvedindividual security threshold may be obtained. The specified moment toupdate individual security threshold can be e.g. set as a time intervalor may be dependent on other program updates.

The inventive method for evaluating an individual fingerprint templateby using a remote dataset is shown as a flow chart in FIG. 5.

In step 100, a fingerprint representation is captured a by a fingerprintreader mounted in a device. In step 110, significant data is extractedfrom the captured fingerprint representation, thereby creating anindividual fingerprint template for the captured fingerprintrepresentation.

In step 120, the individual fingerprint template is transmitted from thedevice to a remote dataset at a remote location. In step 130, animpostor score distribution is determined for the individual fingerprinttemplate.

In step 140, a security threshold is determined for the individualfingerprint template in order to provide a predefined False AcceptanceRate. In step 150, the determined security threshold is transmitted tothe device, where it is stored in a memory. The stored securitythreshold will be used for verification of a user by comparing acaptured fingerprint image with the stored fingerprint template andapplying the security threshold.

The invention is not to be regarded as being limited to the embodimentsdescribed above, a number of additional variants and modifications beingpossible within the scope of the subsequent patent claims.

REFERENCE SIGNS

-   1: System-   2: Fingerprint reader-   3: Device-   4: Extracting unit-   5: Transceiver-   6: Dataset-   7: Remote location-   8: Transceiver-   9: Computer-   20: Strong impostor score sub-distribution-   21: Average imposter score distribution-   22: Weak impostor score sub-distribution-   23: Threshold for strong impostor score sub-distribution-   24: Threshold for average impostor score distribution-   25: Threshold for weak impostor score sub-distribution-   26: Regular FAR distribution-   27: Narrow FAR distribution-   28: Required FAR-   30: Average imposter score distribution-   31: Average genuine score distribution-   32: Security threshold-   33: FRR-   34: FAR

What is claimed is:
 1. A method for evaluating an individual fingerprinttemplate by using a remote dataset, comprising the following steps:capturing a fingerprint representation by a fingerprint reader on adevice, extracting significant data from the captured fingerprintrepresentation, thereby creating an individual fingerprint template forthe captured fingerprint representation, transmitting the individualfingerprint template from the device to a remote dataset comprising aplurality of fingerprint templates, determining an individual impostorscore distribution for the individual fingerprint template by using theremote dataset of fingerprint templates, determining a securitythreshold for the individual fingerprint template in order to provide apredefined False Acceptance Rate for the extracted fingerprint template,and transmitting the determined security threshold to the device,wherein the method further comprises the step of repeating the steps of:transmitting the individual fingerprint template from the device to theremote dataset comprising the plurality of fingerprint templates,determining the impostor score distribution for the individualfingerprint template, determining the security threshold for theindividual fingerprint template in order to provide the predefined FalseAcceptance Rate, and transmitting the determined security threshold tothe device, where these steps are performed separately at a specifiedtime interval.
 2. The method according to claim 1, wherein the remotedataset is a cloud based dataset.
 3. The method according to claim 1,wherein the specified time interval is initiated by an external signal.4. The method according to claim 1, wherein the method further comprisesthe step of combining a plurality of different template datasets in thecloud for the evaluation of the False Acceptance Rate of the individualfingerprint template.
 5. The method according to claim 1, wherein thedetermined security threshold for the individual fingerprint templatedepends on the strength of the individual fingerprint template.
 6. Themethod according to claim 1, wherein the strength of the fingerprinttemplate is assigned a numeric value or an array of numeric values.
 7. Anon-transitory computer-readable storage medium storing instructionsthat, when executed by one or more processors, cause the one or moreprocessors to perform the method of claim 1.